1 kyung hee university chapter 18 domain name system

11Kyung Hee Universit

y

Chapter 18 Chapter 18 Domain Name SystemDomain Name System


y

IntroductionIntroduction

Mapping a name to an address or address to a name

When the Internet was small, information for mapping i

s stored in host file

The host file would be too large to store in every host

One solution is to store the entire host file in a single computer

Another solution is to divide the information into smaller parts and storing each part on a different computer

The host that needs mapping can contact the closest computer This method is used by the Domain Name System


y

16.1 Name Space16.1 Name Space The names should be unique because the addresses ar

e unique.

Name space that maps each address to a unique name can be organized in two ways :

Flat Name Space Name is assigned to an address A name in space is a sequence of characters without structu

re The names may or may not have a common section

Hierarchical Name Space The first part : the nature of the organization The second part : the name of organization The third part : departments of the organization


y

16.2 Domain Name Space16.2 Domain Name Space The tree can have only 128 levels: level 0 (root) to level

127

Label

Each node in the tree has a label, which is a string with a maximum of 63 characters.

Domain name

A full domain name is a sequence of labels separated by dots (.)

Fully Qualified Domain Name (FQDN)

A label that is terminated by a null string

challenger.stc.fhda.edu.


y

Domain Name Space (cont’d)Domain Name Space (cont’d)

Domain name space


y

Domain Name Space (cont’d)Domain Name Space (cont’d) Domain name and labels


y


Partially Qualified Domain Name (PQDN)

A label that is not terminated by a null string

used when the name to be resolved belongs to the same site as the client

for example, if a user at the fhda.edu. site wants to get the IP address of the challenger computer, a resolver can supply the missing part, called the suffix as follows.

- challenger.atc.fhda.edu

The DNS client normally holds a list of suffixes. The following can be the list of suffixes at De Anza College

atc.fhda.edu

fhda.edu

null


y


FQDN and PQDN


y

Domain Name Space (cont’d)Domain Name Space (cont’d) Domain

A domain is a subtree of the domain name space

the name of the domain is the domain name of the node at the top of the subtree


y

16.3 Distribution of Name Space16.3 Distribution of Name Space

Hierarchy of Name Servers

The solution to distribute a huge amount of information is to use DNS servers

dividing the whole space into many domains based on the first level


y

Distribution of Name Space (cont’d)Distribution of Name Space (cont’d)

Zone

What a server is responsible for or has authority over

if a sever accepts responsibility for a domain and does not divide the domain into smaller domains, the “domain” and the “zone” refer to the same thing.

the server makes a database, zone file ; it keeps all the information for every node under that domain.

If a sever divides its domain into subdomains and delegates part of its authority to other servers, “domain” and “zone” refer to different things.


y

Distribution of Name Space (cont’d)Distribution of Name Space (cont’d)

Zone


y

Distribution of Name Space (cont’d)Distribution of Name Space (cont’d) Root Server

a server whose zone consists of the whole tree

not storing any information about domains but delegates its authority to other servers, keeping references to those servers

currently there are more than 13 root servers in the world, each covering the whole domain name space

Primary and Secondary Servers

Primary server : storing a file about the zone for which it is an authority; it can create, maintain and update the zone file

Secondary server : transferring the complete information about a zone from another server (primary or secondary) and storing the file on its local disk. If updating is required, it must be done by the primary server

it can be used as the redundant data when a server fails


y

16.4 DNS in the Internet16.4 DNS in the Internet In the Internet, the domain name space (tree) is divided

into three different sections:

generic domains

country domains

inverse domain


y

DNS in the Internet (cont’d)DNS in the Internet (cont’d)

Generic Domains

defining registered hosts according to their generic behavior

each node in the tree defines a domain

Generic domains labelsLabel Description

Commercial organization

Educational institution

Government institution

International organizations

Military groups

Network support centers

Nonprofit organizations

com

edu

gov

mil

int

org

net


y



y


Country Domains

using two-character country abbreviation


y

Inverse Domain

used to map an address to a name

When a server has received a request from a client to do a task

to determine if the client is on the authorized list, the server can ask its resolver to send a query to the DNS server and ask for a mapping of address to name

Convention of reading the domain labels from the bottom to the top, IP address such as 132.34.45.121

121.45.34.132.in-addr.arpa.



y



y

16.5 Resolution16.5 Resolution

name-address resolution : mapping a name to an address or an address to a name

Resolver

A host that needs to map an addresses to a name or a name to an address calls a DNS client called a resolver.

The resolver accesses the closest DNS server with a mapping request

Mapping names to Addresses

1) resolver gives a domain name to the server and asks for the corresponding address

2) the sever checks the generic domains or the country domains to find the mapping


y

Resolution (cont’d)Resolution (cont’d)

Mapping Addresses to Names

using PTR query

DNS uses the inverse domain

1) If the resolver receives the IP address 132.34.45.121, the resolver first inverts the address and then adds the two labels before sending

2) the domain name sent is 121.45.34.132.in-addr.arpa, which is received by the local DNS and resolved


y


Recursive Resolution

recursively asking for the answer to the authoritative server


y


Iterative Resolution

if the server is an authority for the name, it sends the answer. If it is not, it returns (to the client) the IP address of the server that it thinks can resolve the query

the client is responsible for repeating the query to this second server

if the newly addressed server can resolve the problem, it answers the query with the IP address;otherwise, it returns the IP address of a new server to the client


y



y


Cashing

to reduce the search time

When a sever asks for a mapping from another sever and receives the response, it stores this information in its cache memory before sending it to the client

use of TTL to prevent an outdated mapping


y

16. DNS Messages16. DNS Messages

DNS has two types of messages: query and response


y

DNS Messages (cont’d)DNS Messages (cont’d)

Query and response messages


y


Header format

Both query and response messages have the same header format with some fields set to zero for the query messages (12 bytes)

Identification : 16 bits field used by the client to match the response with the query


y

DNS Messages (cont’d)DNS Messages (cont’d) Header format (cont’d)

Flags field QR (query and response) : query – 0, response – 1 OpCode : defining the type of query and response

– standard : 0, inverse : 1, server status report :2 AA (authoritative answer) : if it is set to 1, its means that the name

server is an authoritative server. TC (truncated) : if it is set, it means that the response was more th

an 512 bytes and truncated to 512. It is used when DNS uses the services of UDP

RD (recursion desired) : meaning the client desires a recursive answer

RA (recursion available) : meaning that a recursive response is available. Used in response message

Reserved rCode : showing the status of the error in the response


y


Values of rCode

Value Meaning

0 No error 1 Format error 2 Problem at name server 3 Domain reference problem

4 Query type not supported

5 Administrative prohibited 6-15 Reserved


y


Number of question records : 16-bit field containing the number of queries in the question of the message

Number of answer records : 16-bit field containing the number of answer records in the answer section of the response message

Number of authoritative records : 16-bit field containing the number of authoritative records in the authoritative section of a response message

Number of additional records : 16-bit field containing the number of additional records in the additional section of a response message.


y

16.7 Types of Records16.7 Types of Records

Question Record

used by the client to get information from a server. This contains domain name.

Question record format

Query name format


y

Types of Records (cont’d)Types of Records (cont’d)

Query type (table 16.4)

Query class : defining the specific protocol using DNS

(Table 16.5)


y


Resource Record

Each domain name (each node on the tree) is associated with a record called the resource record.

The server database consists of resource records

Returned by the server to the client

Domain name

Domain type : same as the query type field in the question section

Domain class : same as query class field

Time to live

Record data length


y


Resource data

containing the answer to the query (in the answer section) or the domain name of the authoritative server (in the authoritative section) or additional information (in the additional information (in the additional information section)

A number : written in octets. IPv4 address is a four-octet integer and IPv6 address is a 16-octet integer

A domain name : expressed as a sequence of labels


y


Resource Record


y

16.8 Compression16.8 Compression

DNS requires that a domain name be replaced by an off

set pointer when it is repeated.

Format of an offset pointer


y

16.10 DDNS16.10 DDNS

The DNS master file must be updated dynamically the c

hange such as adding a new host, removing host, or ch

anging an IP address.

In DDNS, when a binding between a name and address

is determined, information is sent, usually by DHCP to a

primary DNS server.


y

16.11 Encapsulation16.11 Encapsulation

using either UDP or TCP

UDP : used when the size of the response message is less than 512 bytes

well-known port used by the server is port 53

1 kyung hee university chapter 18 domain name system

Documents